Hello aspiring ethical hackers. In our previous blogpost, you learnt about most popular antivirus bypass techniques used. In this article, you will learn about EXOCET – a  AV-evading, undetectable, payload delivery tool. EXOCET is a Crypter type malware dropper. A Crypter is a software that is used to make malware undetectable. It performs functions such as encrypting, obfuscating and manipulating the code of the malware to make it undetectable.
New to Ethical Hacking?
Start your journey with The Beginner Ethical Hacker Starter Kit (2026 Edition).
Inside the free guide, you’ll learn:.
- Ethical hacking fundamentals
- Beginner cybersecurity roadmap
- Essential hacking tools
- Common vulnerabilities explained
EXOCET is one such Crypter-type malware dropper that can be used to recycle easily detectable malware payloads. EXOCET achieves this by encrypting those malware files using AES-GCM (Galois/Counter Mode) and then create a dropper file for a majority of target architectures and platforms.
Written in Golang programming language, the steps involved in making malware undetectable by EXOCET are,
- It first takes malware that is easily detectable by Anti Virus engines as input.
- It then encrypts this easily detectable malware and produces it’s own Go file.
- This Go file can be cross-compiled to 99% of known architectures like Linux, Windows, Macs, Unix, Android and IPhone etc.
- Upon execution, the encrypted payload is written to the disk and immediately executed on the command line.
Let’s see how it works. For this we will be using Kali Linux. First, we need to install Golang on Kali as Exocet is a GO program.
Once Golang is successfully installed, clone the repository of Exocet from GitHub. It can be downloaded from here.
We need to install the EXOCET source files in golang. We can do this using the command shown below.
Exocet is successfully installed. Now, let’s test it. We create a reverse shell payload with Msfvenom first.
We copy this payload to our target system which is Windows 10. The Windows Defender easily detects it (obviously) and classifies it as malware.
This is expected. Next, We copy this easily detectable payload to the directory of Exocet.
Then we run the following command using Exocet. This will create a new golang file called outputmalware.go.
Want to Learn Ethical Hacking Step-by-Step?
If you’re serious about learning cybersecurity, a structured roadmap makes the journey much easier.
Download The Beginner Ethical Hacker Starter Kit (2026 Edition) and discover:
✔ The ethical hacking learning path
✔ Beginner-friendly security concepts
✔ Essential tools ethical hackers use
✔ The most common vulnerabilities explained
Then we run the following command to create a Windows 64 bit payload.
Our result is the exocet_payload.exe. We start a Metasploit listener on the attacker system and copy the Exocet payload to the target.
This time the payload goes undetected as shown below.
This is how we create AV evading payloads with EXOCET. Next learn about AV|ATOR, another tool that can create AV-evading payloads.
Start Your Ethical Hacking Journey Today
Learning cybersecurity can feel overwhelming at first. The best way to start is with a clear roadmap and the right resources.
Download The Beginner Ethical Hacker Starter Kit (2026 Edition) and get instant access to:
✔ Ethical hacking fundamentals
✔ A beginner cybersecurity learning roadmap
✔ Essential hacking tools every beginner should know
✔ Common vulnerabilities explained simply
